author | 1999-10-07 21:45:02 +0000 | |
---|---|---|
committer | 1999-10-07 21:45:02 +0000 | |
commit | 2cbe402d16f007786082e20001df33fdb6f80adb (patch) | |
tree | db83314ae64407cb4f843ef29238e50d2f2d3006 /usr.bin/ssh/sshd | |
parent | use pkg_add -I for ssl package (diff) | |
add skey to sshd:
1) pass *pw to auth_password() not user_name, do_authentication already
keeps private copy of struct passwd for current user.
2) limit authentication attempts to 5, otherwise
ssh -o 'NumberOfPasswordPrompts 100000' host
lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys,
for s/key for nonexisting users, too
limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27
Diffstat (limited to 'usr.bin/ssh/sshd')
-rw-r--r-- | usr.bin/ssh/sshd/Makefile | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile index db22b53ed29..f2d01164527 100644 --- a/usr.bin/ssh/sshd/Makefile +++ b/usr.bin/ssh/sshd/Makefile @@ -27,6 +27,10 @@ DPADD+= ${LIBKRBAFS} .endif # AFS .endif # KERBEROS +.if (${SKEY} == "yes") +SRCS+= auth-skey.c +.endif + .include <bsd.prog.mk> LDADD+= -lcrypto -lutil -lz @@ -37,3 +41,9 @@ CFLAGS+= -DLIBWRAP LDADD+= -lwrap DPADD+= ${LIBWRAP} .endif + +.if (${SKEY} == "yes") +CFLAGS+= -DSKEY +LDADD+= -lskey +DPADD+= ${SKEY} +.endif |
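Review bot: in the first hunk, `.if (${SKEY} == "yes")` ahead of `.include <bsd.prog.mk>` compares SKEY without a `defined(SKEY)` guard, and no default for it is visible in this file. Please confirm that SKEY is always set before this Makefile is read (for example by a shared include, which is not shown here), or write the test as `.if defined(SKEY) && (${SKEY} == "yes")`. As a style point, the surrounding context closes its conditionals with `.endif # AFS` and `.endif # KERBEROS`, so the new blocks could end with `.endif # SKEY` to match.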
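Review bot: in the second hunk, `DPADD+= ${SKEY}` adds the value of the SKEY switch itself, which is "yes" whenever this block is active, rather than a library path. The LIBWRAP block just above pairs `LDADD+= -lwrap` with `DPADD+= ${LIBWRAP}`, so the line that goes with `LDADD+= -lskey` should read `DPADD+= ${LIBSKEY}`. As written, sshd would not be relinked when libskey changes, and make may look for a prerequisite literally named "yes".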